1 |
On 03/08/2015 07:59 AM, Patrick Schleizer wrote: |
2 |
> Zac Medico: |
3 |
>> On 03/06/2015 09:50 AM, Mark Kubacki wrote: |
4 |
>>> We're on the same side here. |
5 |
>>> |
6 |
>>> Do we have numbers showing the ratio "portage used with defaults" vs. |
7 |
>>> where "[webrsync-gpg] is described in many hardening guides for gentoo |
8 |
>>> and widely used among the security conscious" applies? |
9 |
>>> |
10 |
>>> DNS not being encrypted is just painting the whole picture. Point is, |
11 |
>>> the default is that "emerge --sync" results in a transfer using RSYNC |
12 |
>>> (or http). |
13 |
>>> |
14 |
>>> And by default you cannot compare the result with any authoritative source. |
15 |
>>> |
16 |
>> |
17 |
>> Ideally, we can rely on security mechanisms built into git [1], possibly |
18 |
>> involving signed commits. |
19 |
>> |
20 |
>> [1] https://github.com/gentoo/gentoo-portage-rsync-mirror |
21 |
> |
22 |
> Then the question is, how secure are signatures when used wit hgit? |
23 |
|
24 |
And once we answer that question, the question is, is git secure enough |
25 |
for our needs? |
26 |
|
27 |
> A while ago I wrote a blog post asking that question, referencing a lot |
28 |
> related information, started a discussion and also posted this on the |
29 |
> git mailing list. |
30 |
> |
31 |
> "How safe are signed git tags? Only as safe as SHA-1 or somehow safer?" |
32 |
> [1] [2] |
33 |
> |
34 |
> Cheers, |
35 |
> Patrick |
36 |
> |
37 |
> [1] |
38 |
> https://www.whonix.org/blog/how-safe-are-signed-git-tags-only-as-safe-as-sha-1-or-somehow-safer |
39 |
> [2] http://www.mail-archive.com/git@×××××××××××.org/msg61087.html |
40 |
|
41 |
For the time being, I think that git is secure enough for our needs, and |
42 |
I trust that git will implement stronger security soon enough. |
43 |
-- |
44 |
Thanks, |
45 |
Zac |